The Compliance and Auditing Policy defines the approach to be taken to ensure the Company is compliant with legal, statutory, regulatory and contractual obligations related to information security and of ant security requirements, standards and internal policies, guidelines and processes mandated by the Company.
The scope and statements within this policy shall also apply to all personal data processed by the Company. “Processing” in this context means any operation concerning personal data throughout the information lifecycle; this includes but is not limited to personal data collected, stored, viewed, transferred, analyzed or communicated in hard copy, oral or electronic form.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. IDENTIFICATION AND COMPLIANCE WITH LEGAL AND REGULATORY REQUIREMENTS
3.1 COMPLIANCE WITH LEGAL, REGULATORY AND CONTRACTUAL INFORMATION SECURITY AND DATA PRIVACY REQUIREMENTS
3.2 INTELLECTUAL PROPERTY RIGHTS
3.3 PROTECTION OF RECORDS
3.4 PRIVACY AND PROTECTION OF PERSONAL DATA
3.5 PREVENTION OF MISUSE OF INFORMATION PROCESSING FACILITIES
3.6 REGULATION OF CRYPTOGRAPHIC CONTROLS
4. INFORMATION SECURITY OPERATIONAL RISK MANAGEMENT
5. INFORMATION SECURITY REVIEWS
5.1 MANAGEMENT REVIEW OF THE INFORMATION SECURITY MANAGEMENT SYSTEM
5.2 INDEPENDENT REVIEW OF INFORMATION SECURITY
5.3 COMPLIANCE WITH SECURITY POLICIES AND STANDARDS
5.4 TECHNICAL COMPLIANCE REVIEW
6. INFORMATION SYSTEMS AUDIT CONSIDERATIONS
6.1 INFORMATION SYSTEMS AUDIT CONTROLS
6.2 PROTECTION OF INFORMATION SYSTEMS AUDIT TOOLS
8. FINAL CONSIDERATIONS
8.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
8.2 DOCUMENT REVISION
Identity and Access Management Standard describes the management of individuals, their authentication, authorization, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.
The objective of the Network Security Policy is to ensure the security of data transfers across Company’s networks and that an adequate level of security exists to protect the network infrastructure.